Radius multi-factor not possible with SoftEther

clebourgeois
Posts: 6
Joined: Fri Jul 21, 2017 3:29 pm


Post by clebourgeois » Fri Jul 21, 2017 3:41 pm

I've seen a couple of posts and wanted to get a 2017 answer on this, as there seems to be no traction on this project with this feature.

https://github.com/SoftEtherVPN/SoftEtherVPN/issues/80

The short story is, Radius works, which signals the phone call (in this situation I am using Azure Multi-factor Server). Because the automatic reconnect is hard coded, as you are answering the phone to accept the multi-factor, the authentication process times out and tries to reconnect, which causes the multi-factor to call your phone again, creating a loop.

The feature request for an ability to extend the SoftEther interrupter's time to authenticate would be great in the GUI or config, but can anyone let us know if there is an ability to edit something in code to change this threshold?

I know this is open source but multifactor for VPN connectivity is very popular and needed in this day and age. Without the ability to modify this threshold multi-factor cannot be utilized.


Re: Radius multi-factor not possible with SoftEther

Post by clebourgeois » Mon Jul 24, 2017 6:06 pm

Here is how you resolve this issue. It requires you to download the source, make changes in 3 files, then recompile. I am only on Windows, but it was very easy as long as you have Visual Studio 2008 Pro or Standard (no Express supported, and any year beyond 2008 not supported).

Here are the files containing parameters that need to be changed.

Radius.h
#define RADIUS_RETRY_TIMEOUT (10 * 1000) // Time-out period
change to...
#define RADIUS_RETRY_TIMEOUT (30 * 1000) // Time-out period

Cedar.h
#define CONNECTING_TIMEOUT (15 * 1000) // Timeout in seconds of being connected
change to...
#define CONNECTING_TIMEOUT (30 * 1000) // Timeout in seconds of being connected

network.h
#define TIMEOUT_SSL_CONNECT (15 * 1000)
change to...
#define TIMEOUT_SSL_CONNECT (30 * 1000)

and..
#define SSL_DEFAULT_CONNECT_TIMEOUT (15 * 1000) // SSL default timeout
change to..
#define SSL_DEFAULT_CONNECT_TIMEOUT (30 * 1000) // SSL default timeout

Recompiled and reinstalled the server and the client. Now I can wait 25 seconds and it still does not time out on me.

Hopefully this helps the next person looking for an answer on this.

Not sure what the rules are about posting a recompiled version with these fixes, so I will wait to see what the powers that be think.
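
An added example, not part of the original post or the SoftEther source: a small C check that reads the four `#define` lines named above from header text and reports the shortest one, on the assumption (not confirmed in this thread) that the shortest timer is what ends the authentication attempt before the MFA call is answered. The header text is constructed from the values quoted in the post, and `define_ms` and `auth_window_ms` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the stock values quoted in the post. */
static const char STOCK[] =
    "#define RADIUS_RETRY_TIMEOUT (10 * 1000) // Time-out period\n"
    "#define CONNECTING_TIMEOUT (15 * 1000)\n"
    "#define TIMEOUT_SSL_CONNECT (15 * 1000)\n"
    "#define SSL_DEFAULT_CONNECT_TIMEOUT (15 * 1000)\n";
/* Constructed: only Radius.h edited, the other two headers untouched. */
static const char PARTIAL[] =
    "#define RADIUS_RETRY_TIMEOUT (30 * 1000)\n"
    "#define CONNECTING_TIMEOUT (15 * 1000)\n"
    "#define TIMEOUT_SSL_CONNECT (15 * 1000)\n"
    "#define SSL_DEFAULT_CONNECT_TIMEOUT (15 * 1000)\n";
static const char *NAMES[4] = { "RADIUS_RETRY_TIMEOUT", "CONNECTING_TIMEOUT",
    "TIMEOUT_SSL_CONNECT", "SSL_DEFAULT_CONNECT_TIMEOUT" };

/* Value in ms of "#define NAME (A * B)" or "#define NAME N"; -1 if absent. */
long define_ms(const char *text, const char *name) {
    size_t n = strlen(name);
    long a, b;
    for (const char *p = text; (p = strstr(p, "#define")) != NULL; p += 7) {
        const char *q = p + 7 + strspn(p + 7, " \t");
        /* Skip other macros, including longer names sharing this prefix. */
        if (strncmp(q, name, n) || !strspn(q + n, " \t")) continue;
        if (sscanf(q + n, " ( %ld * %ld )", &a, &b) == 2) return a * b;
        return sscanf(q + n, " %ld", &a) == 1 ? a : -1;
    }
    return -1;
}

/* Assumed model: the shortest timer wins. Names it; -1 if one is missing. */
long auth_window_ms(const char *text, const char **limiting) {
    long best = -1;
    for (int i = 0; i < 4; i++) {
        long v = define_ms(text, NAMES[i]);
        if (v < 0) { *limiting = NAMES[i]; return -1; }
        if (best < 0 || v < best) { best = v; *limiting = NAMES[i]; }
    }
    return best;
}

int main(void) {
    const char *a = "", *b = "";
    long s = auth_window_ms(STOCK, &a), p = auth_window_ms(PARTIAL, &b);
    printf("stock %ld ms (%s), partial %ld ms (%s)\n", s, a, p, b);
    return 0;
}
```

Under that assumption, the `PARTIAL` case shows why all three headers have to be edited: raising only the RADIUS retry value still leaves a 15-second connect timer in place.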
